Merge pull request #10951 from DefectDojo/release/2.38.3

Release: Merge release into master from: release/2.38.3

Author: rossops

.github/ISSUE_TEMPLATE/bug_report.md

@@ -36,7 +36,7 @@ A clear and concise description of what you expected to happen.
  - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
 
 **Logs** 
-Use `docker-compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
 
 **Sample scan files**
 If applicable, add sample scan files to help reproduce your problem.

.github/ISSUE_TEMPLATE/support_request.md

@@ -36,7 +36,7 @@ A clear and concise description of what you expected to happen.
  - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
 
 **Logs** 
-Use `docker-compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
 
 **Sample scan files**
 If applicable, add sample scan files to help reproduce your problem.

.github/workflows/build-docker-images-for-testing.yml

@@ -45,9 +45,7 @@ jobs:
           tags: defectdojo/defectdojo-${{ matrix.docker-image }}:${{ matrix.os }}
           file: Dockerfile.${{ matrix.docker-image }}-${{ matrix.os }}
           outputs: type=docker,dest=${{ matrix.docker-image }}-${{ matrix.os }}_img
-          cache-from: type=gha,scope=${{ matrix.docker-image }}
-          cache-to: type=gha,mode=max,scope=${{ matrix.docker-image }}
-  
+
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         timeout-minutes: 10

.github/workflows/release-3-master-into-dev.yml

@@ -50,11 +50,15 @@ jobs:
           CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
           sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
       
+      - name: Update settings SHA
+        run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum
+
       - name: Check numbers
         run: |
           grep version dojo/__init__.py
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
+          cat dojo/settings/.settings.dist.py.sha256sum
 
       - name: Create upgrade notes to documentation
         run: |
@@ -132,11 +136,15 @@ jobs:
           CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
           sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
       
+      - name: Update settings SHA
+        run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum
+
       - name: Check numbers
         run: |
           grep version dojo/__init__.py
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
+          cat dojo/settings/.settings.dist.py.sha256sum
       
       - name: Push version changes
         uses: stefanzweifel/git-auto-commit-action@v5.0.1

.github/workflows/release-x-manual-docker-containers.yml

@@ -49,18 +49,6 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        env:
-          docker-image: ${{ matrix.docker-image }}
-        with:
-          path: /tmp/.buildx-cache-${{ env.docker-image }}
-          key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name }}-${{ github.sha }}-${{ github.run_id }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name}}-${{ github.sha }}
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name }}
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-
-
       - name: Build and push images with debian
         if: ${{ matrix.os  == 'debian' }}
         uses: docker/build-push-action@v6
@@ -73,8 +61,6 @@ jobs:
           tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}-${{ matrix.os }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:latest
           file: ./Dockerfile.${{ env.docker-image }}-${{ matrix.os }}
           context: .
-          cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
-          cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}
 
       - name: Build and push images with alpine
         if: ${{ matrix.os  == 'alpine' }}
@@ -88,9 +74,3 @@ jobs:
           tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}-${{ matrix.os }}
           file: ./Dockerfile.${{ env.docker-image }}-${{ matrix.os }}
           context: .
-          cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
-          cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}
-#           platforms: ${{ matrix.platform }}
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.38.2",
+  "version": "2.38.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docker/docker-compose-check.sh

@@ -6,11 +6,11 @@ current=$(docker compose  version  --short)
 
 echo 'Checking docker compose version'
 if [[ $main -lt 2 ]]; then
-  echo "$current is not a supported docker-compose version, please upgrade to the minimum supported version: 2.0"
+  echo "$current is not a supported 'docker compose' version, please upgrade to the minimum supported version: 2.0"
   exit 1
 elif [[ $main -eq 1 ]]; then
   if [[ $minor -lt 28 ]]; then
-    echo "$current is not supported docker-compose version, please upgrade to minimal supported version:1.28"
+    echo "$current is not supported 'docker compose' version, please upgrade to minimal supported version:1.28"
     exit 1
   fi
 fi

docker/extra_settings/README.md

@@ -6,7 +6,7 @@ If a file if placed here, it will be copied on startup to `dojo/settings/local_s
 For an example, see [template-local_settings](../../dojo/settings/template-local_settings)
 
 Please note this copy action could fail if you have mounted the full `dojo/` folder, but that is owned by a different user/group.
-That's why this copy action only happens in docker-compose release mode, and not in dev/debug/unit_tests/integration_tests modes.
+That's why this copy action only happens in docker compose release mode, and not in dev/debug/unit_tests/integration_tests modes.
 
 For advanced usage you can also place a `settings.dist.py` or `settings.py` file. These will also be copied on startup to dojo/settings.
 

docs/content/en/contributing/how-to-write-a-parser.md

@@ -15,7 +15,7 @@ All commands assume that you're located at the root of the django-DefectDojo clo
 - Checkout `dev` and make sure you're up to date with the latest changes.
 - It's advised that you create a dedicated branch for your development, such as `git checkout -b parser-name`.
 
-It is easiest to use the docker-compose deployment as it has hot-reload capbility for uWSGI.
+It is easiest to use the docker compose deployment as it has hot-reload capbility for uWSGI.
 Set up your environment to use the debug environment:
 
 `$ docker/setEnv.sh debug`
@@ -27,7 +27,7 @@ Please have a look at [DOCKER.md](https://github.com/DefectDojo/django-DefectDoj
 You will want to build your docker images locally, and eventually pass in your local user's `uid` to be able to write to the image (handy for database migration files). Assuming your user's `uid` is `1000`, then:
 
 {{< highlight bash >}}
-$ docker-compose build --build-arg uid=1000
+$ docker compose build --build-arg uid=1000
 {{< /highlight >}}
 
 ## Which files do you need to modify?
@@ -279,7 +279,7 @@ This ensures the file is closed at the end of the with statement, even if an exc
 
 ### Test database
 
-To test your unit tests locally, you first need to grant some rights. Get your MySQL root password from the docker-compose logs, login as root and issue the following commands:
+To test your unit tests locally, you first need to grant some rights. Get your MySQL root password from the docker compose logs, login as root and issue the following commands:
 
 {{< highlight mysql >}}
 MYSQL> grant all privileges on test_defectdojo.* to defectdojo@'%';
@@ -291,17 +291,17 @@ MYSQL> flush privileges;
 This local command will launch the unit test for your new parser
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi bash -c 'python manage.py test unittests.tools.<your_unittest_py_file>.<main_class_name> -v2'
+$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.<your_unittest_py_file>.<main_class_name> -v2'
 {{< /highlight >}}
 
 Example for the blackduck hub parser:
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi bash -c 'python manage.py test unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser -v2'
+$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser -v2'
 {{< /highlight >}}
 
 {{% alert title="Information" color="info" %}}
-If you want to run all unit tests, simply run `$ docker-compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
+If you want to run all unit tests, simply run `$ docker compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
 {{% /alert %}}
 
 ### Endpoint validation
@@ -330,7 +330,7 @@ In the event where you'd have to change the model, e.g. to increase a database c
 * Create a new migration file in dojo/db_migrations by running and including as part of your PR
 
     {{< highlight bash >}}
-    $ docker-compose exec uwsgi bash -c 'python manage.py makemigrations -v2'
+    $ docker compose exec uwsgi bash -c 'python manage.py makemigrations -v2'
     {{< /highlight >}}
 
 ### Accept a different type of file to upload

docs/content/en/getting_started/running-in-production.md

@@ -5,7 +5,7 @@ draft: false
 weight: 4
 ---
 
-## Production use with docker-compose
+## Production use with docker compose
 
 The docker-compose.yml file in this repository is fully functional to evaluate DefectDojo in your local environment.
 
@@ -76,7 +76,7 @@ Dockerfile.django-* for in-file references.
 
 You can execute the following command to see the configuration:
 
-`docker-compose exec celerybeat bash -c "celery -A dojo inspect stats"`
+`docker compose exec celerybeat bash -c "celery -A dojo inspect stats"`
 and see what is in effect.
 
 #### Asynchronous Import